[App_rpt-users] Security was Re: What is the "debian" user in the DIAL distro?

Bryan D. Boyle bdboyle at bdboyle.com
Thu Jun 8 01:55:14 UTC 2017


Based on tests that the security research arm of my company has run (well-known IT company that's been around for over a century...), the elapsed time that a system exposed to the network is discovered, probed, and if well-known vulnerable ports are detailed (and the scum or nation states who do this keep records), then attempted to be pwned is somewhere between a minute to a half hour.  

Just for giggles, I spun up a pi with a SIP server enabled, connected to a second port on my router, and started a tail -f on the messages file and grepped for the SIP daemon.  Routed the SIP port on my external router to the pi, and sat back. (There was no route from the pi to my internal network.)

3 minutes till the first probe.  15 till the attempted pwning.  SIP was the only inbound port opened.  I just watched...and it went on for an hour (no, they didn't take over the system, only ate up bandwidth, which I am pretty ok with, being on FTTH).  It's all automated.  Don't even need human intervention for the probe, just to select the attack vectors when the automated system pops a live port selection.

Default SSH is NO guarantee.  Allowing root access from an interactive login from the net port deserves to be punished.  Bogus user passwords that are guessable should be cause for your ISP to turn off your connection.   Moving to a different port is just attempted security through obscurity.   Open ports from the outside inbound that allow anyone on the network to connect will be probed, and attempts (DoS, null sled, buffer overruns, etc.) to subvert your system as a c&c node, bitcoin miner, email spam relay, porn repository, or what have you are the goal.

After doing this since 1988 or so,  it's only the frequency that it happens that's changing, not that it's happening.  

fail2ban is a good stopgap measure for ports that you positively HAVE to have exposed.  Router firewall enabled and locked down?  Good.  iptables set up properly?  Passwords NOT based on dictionary words or used for your other online activities?  Yeah, it's a pain.  The alternative is your system being taken over and used for other purposes while you sleep.  

Lots more you can do.  the basic mantra you should have is: "That which is not expressly permitted is prohibited".  
--
Bryan CISSP/CEH/CISM
Sent from my iPhone 6S...No electrons were harmed in the sending of this message.
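As an added example (not code from the post or from the list), here is the "tail the messages file and grep for the SIP daemon" step turned into fail2ban-style detection: it parses constructed syslog lines modelled on Asterisk chan_sip's failed-REGISTER notices (format assumed) and bans a source once it has `maxretry` failures within `findtime` seconds, the same two knobs a fail2ban jail uses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines modelled on Asterisk chan_sip notices as they land
# in /var/log/messages (format assumed); source addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  8 01:40:01 pi asterisk[812]: NOTICE[812]: chan_sip.c:28461 handle_request_register: Registration from '"1001" <sip:1001@203.0.113.7>' failed for '198.51.100.23:5060' - Wrong password
Jun  8 01:40:02 pi asterisk[812]: NOTICE[812]: chan_sip.c:28461 handle_request_register: Registration from '"1002" <sip:1002@203.0.113.7>' failed for '198.51.100.23:5060' - No matching peer found
Jun  8 01:40:03 pi asterisk[812]: NOTICE[812]: chan_sip.c:28461 handle_request_register: Registration from '"1003" <sip:1003@203.0.113.7>' failed for '198.51.100.23:5060' - Wrong password
Jun  8 01:40:04 pi asterisk[812]: NOTICE[812]: chan_sip.c:28461 handle_request_register: Registration from '"100" <sip:100@203.0.113.7>' failed for '192.0.2.9:5062' - Wrong password
Jun  8 01:55:10 pi asterisk[812]: NOTICE[812]: chan_sip.c:28461 handle_request_register: Registration from '"1004" <sip:1004@203.0.113.7>' failed for '198.51.100.23:5060' - Wrong password
"""

# Syslog timestamp, host, daemon, then the failed-REGISTER text with the peer's IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ asterisk\[\d+\]: .*?"
    r"Registration from '.*?' failed for '(?P<ip>[\d.]+):\d+' - (?P<why>.*)$"
)

def parse_failures(text, year=2017):
    """Yield (timestamp, source_ip, reason) for every failed SIP REGISTER line.
    Syslog lines carry no year, so one is supplied (assumed 2017 here)."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["why"]

def ban_decisions(text, maxretry=3, findtime=600):
    """fail2ban-style sliding window: a source is banned the moment it reaches
    `maxretry` failures inside the last `findtime` seconds.
    Returns {source_ip: timestamp at which the ban would be applied}."""
    window = defaultdict(deque)   # per-source timestamps still inside findtime
    bans = {}
    for ts, ip, _ in parse_failures(text):
        if ip in bans:            # already banned: nothing more to decide
            continue
        q = window[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # drop failures that aged out of the window
        if len(q) >= maxretry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    for ip, when in ban_decisions(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults above only 198.51.100.23 is banned (three failures in three seconds); the single attempt from 192.0.2.9 never crosses the threshold.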

